Daily life very nearly came to a grinding halt in Kenya last month with millions of people unable to access the country’s more than 5,000 recently digitised, critical government services – from national health records to e-visa applications and electricity payments. The broadscale disruption served as a stark reminder of the singular challenge facing governments in Africa that are on their digital transformation journeys: securing critical infrastructure. Indeed, the number of cyberattacks reported in the country between July and September last year rose by 200 percent in comparison to the previous quarter.
Microsoft’s latest Cyber Signals report places a spotlight on the critical infrastructure targeted at high-profile events, offering clear insight into why government entities are such attractive targets and how threat actors infiltrate essential services. The report, which is based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during Qatar’s hosting of the FIFA World Cup 2022™, provides a blueprint for governments and organisations looking to defend against such threat actors.
Much like global sporting events, government entities are vulnerable to a level of cyber risk that simply does not exist in other environments. News reports from across the world indicate cyberattacks against state and local governments continue to accelerate, with activity targeting critical infrastructure jumping from 20 to 40 percent of all nation-state attacks. This is particularly the case in Africa, which records some of the highest incidences of cyberattacks in the world. And in a recent report on Africa’s cybersecurity landscape, Kenya had the highest number of decision makers (82 percent) in the region indicate that their cybersecurity threats had increased over the past year.
The Kenyan government – acknowledging the power of digital transformation in realising the country’s potential – has identified cybersecurity as a key building block for success. The government has prepared for cyberattacks with the establishment of the National Cyber Security Authority and the National Computer Incident Response Team, and is collaborating with partners on the ongoing implementation of the National Cyber Security Strategy 2022-2027.
However, as citizens continue to demand elevated levels of service from the government, simultaneously expecting those services to be delivered through technology that is high-performing and always available, cybersecurity threats to government entities are becoming more diverse and complex.
One of the biggest challenges facing public sector organisations is the need to collaborate with a vast number of contractors and third parties across networks to deliver their mandate.
This makes it difficult for IT teams to gain visibility of all devices and data flow across the network, expanding and adding to the complexity of the attack surface. Threat actors then capitalise on the opportunity to launch targeted or widespread opportunistic attacks in the increasingly connected environments needed to meet these expectations. What’s more, these government institutions generally house a wealth of very sensitive and therefore highly valuable information, providing a lucrative target for cybercriminals.
Mitigating a cyber threat of this magnitude requires next-level, cyber-smart operations. To put this into context, Microsoft ultimately analysed over 634.6 million events while providing cybersecurity for Qatari infrastructure throughout November and December of 2022.
Security coverage needed to span a variety of essential functions. Healthcare was just one example of this, with four healthcare facilities designated as urgent care units for the World Cup, including hospitals delivering critical support and health services for fans and players. These were high-value targets that were victims of previous intrusions and highly susceptible to ransomware attacks.
Protecting these facilities required the intelligence necessary to scan signals, isolate infected assets, and disrupt attacks on their networks. Pre-ransomware activity targeting the healthcare networks needed to be detected and quarantined to ensure any malicious activity was blocked.
The question is – how can public sector institutions ensure their cybersecurity systems are similarly able to thwart the heightened level of malicious activity directed their way?
Microsoft’s Cyber Signals report recommends that agencies first conduct a focused cyber risk assessment, identifying potential threats specific to their organisation. This assessment should include all contractors and suppliers.
Equally critical is to prioritise the implementation of a comprehensive and multi-layered security framework powered by the cloud. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to fortify the network against unauthorised access and data breaches.
Regular security audits and vulnerability assessments should also be conducted to identify and address any weaknesses within the network infrastructure.
Beyond the security framework itself, user awareness and training programmes are crucial to educate employees and stakeholders about cybersecurity best practices, such as recognising phishing emails, using multifactor authentication or password-less protection, and avoiding suspicious links or downloads.
Finally, consider least privileged access as a best practice – grant access to systems and services only to those who need it and train staff to understand access layers.
Critical infrastructure security is a worldwide challenge, and one that will continue to escalate with a rise in increasingly sophisticated and expansive cybersecurity attacks. Recent events show that no organisation is immune to the threat posed by well-funded and determined adversaries, and defending against cybercriminals is a complex, ever-evolving, and never-ending challenge. Guarding against such a powerful threat requires not only the right technology but also the backing of shared information and strategic partnerships; Microsoft is one such partner, with all the above threat protection capabilities and more.